In particular, the disclosure refers to a method of the type above mentioned to improve security in wireless transmissions that involve secure electronic devices, such as integrated circuit cards (IC Cards).
Methods are known to detect a message compatible with the OTA standard (Over The Air) and affected by an error. One of these methods, known as checksum, includes summing up all the bits of a message and in storing the resultant value in the same message, before its transmission. After receiving the message, the same sum calculation is implemented and the resultant value is compared with the stored value in the message. If the two values do not correspond, an error is detected.
In the presence of a wrong checksum, a receiving device may return a generic error to a sender device or ask for the retransmission of the message. The error is generic because the checksum does not allow returning to the cause which has determined the different value of the sum before and after the transmission.
The known methods are not able to detect if the OTA message is affected by a specific error, and in particular by a cryptographic error. On the contrary, the response given by the receiving device to an OTA message affected by a cryptographic error may supply information that compromises its security.
For this reason, the sender device may be a hacker which intentionally sends an OTA message affected by wrong or incorrect cryptography, i.e. using a wrong cryptographic key, for analyzing the generic error response of the receiving device and gleaning information therefrom.
In particular, in the field of telecommunication applications (GSM, UMTS, 3GPP2, LTE, etc.), a way to attack an integrated circuit card (IC Card, SIM, USIM, UICC, R-UIM), includes sending to the card an OTA message using a false cryptographic key. The information sent to the card in response to the OTA message may be used to return to the cryptographic key of card.
To understand this better, it is worthwhile observing that, according to the OTA protocol, some information can be encrypted in the message to send through a symmetric key cryptographic algorithm, such as the DES, 3DES, AES algorithms.
Once the OTA message is received and deciphered, the receiving device can verify the authenticity, the correctness and the integrity of the received data. For this purpose, in accordance with the OTA standard, three control modes are considered, mutually exclusive, based on variable size field within the OTA packet. They are known as Cryptographic Checksum, Digital Signature and Redundancy Check.
However, even if the methods represent a valid approach to the integrity and authenticity control of the received data, they may not be able to distinguish the event wherein the OTA message received has been ciphered with a wrong or incorrect key (for example in case of a hacker attack) from the event wherein errors have occurred, such as errors due to interference.
Moreover, according to the OTA standard, usage of the control modes is nonobligatory. Indeed, the transmission of OTA messages without Cryptographic Checksum, Digital Signature and Redundancy Check is common practice, because it accelerates the communication, even if it prevents implementing the controls.
In other words, the ciphering error is not adequately processed by the receiving device that works according to the OTA standard, which may answer sending considerable information, that could allow a hacker to detect the ciphering key of the receiving device.
The technical problem at the base of the present disclosure is to determine a method to detect a message compatible with the OTA standard and affected specifically by an incorrect cryptography, both in the case that the OTA message comprises the optional values of Cryptographic Checksum or Digital Signature or Redundancy Check, and in the case wherein the values are omitted, as optional, allowing therefore the receiving device to implement a countermeasure to a possible attack based on an intentional incorrect cryptography and riding out the limitations which even now affect the known methods.